Hi everyone.
Could you take a quick look at the log for me?
(How come neither Malwarebytes nor AVG detected these traces of Navipromo??)
Thanks.
Bye
PS: I don't know whether it matters, but in the final phase ComboFix said it could not find the driver C:\Windows\System32\Drivers\COMBO-FIX.sys
Bye
ComboFix 09-11-20.05 - vpnbaldo 11/21/2009 18:15.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.503.243 [GMT 1:00]
Eseguito da: c:\documents and settings\vpnbaldo\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
ATTENZIONE - QUESTO PC NON HA LA CONSOLE DI RIPRISTINO DI EMERGENZA INSTALLATA !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\vpnbaldo\Impostazioni locali\Dati applicazioni\koigi.dat
c:\documents and settings\vpnbaldo\Impostazioni locali\Dati applicazioni\koigi_nav.dat
c:\recycler\S-1-5-21-398348589-4096269796-4152297477-500
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
((((((((((((((((((((((((( Files Creati Da 2009-10-21 al 2009-11-21 )))))))))))))))))))))))))))))))))))
.
2009-11-17 18:13 . 2009-11-17 19:11 -------- d-----w- c:\programmi\Ubisoft
2009-11-16 13:47 . 2009-11-16 13:47 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\DAEMON Tools Lite
2009-11-15 13:23 . 2007-10-23 08:27 110592 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\U3\temp\cleanup.exe
2009-11-15 13:20 . 2008-05-02 09:41 3493888 ---ha-w- c:\documents and settings\vpnbaldo\Dati applicazioni\U3\temp\Launchpad Removal.exe
2009-11-15 13:19 . 2009-11-19 15:35 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\U3
2009-11-13 18:06 . 2009-10-23 16:34 652568 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgmtrapx.dll
2009-11-13 18:06 . 2009-10-23 16:34 328472 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgxch32.dll
2009-11-13 18:06 . 2009-10-23 16:34 292632 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avglngx.dll
2009-11-13 18:06 . 2009-10-23 16:34 615192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcertx.dll
2009-11-13 18:05 . 2009-10-23 16:34 610072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgiproxy.exe
2009-11-11 18:45 . 2009-11-11 18:45 -------- d-----w- c:\programmi\Microsoft
2009-11-07 19:04 . 2009-11-07 19:04 -------- d-----w- C:\OEMSettings
2009-11-07 19:04 . 2009-11-07 19:04 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-11-07 19:03 . 2009-11-07 19:03 -------- d-----w- c:\programmi\NETGEAR
2009-11-06 19:44 . 2009-11-08 17:15 -------- d-----w- c:\programmi\JDownloader
2009-10-28 16:46 . 2009-10-29 09:32 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\NOS
2009-10-28 16:46 . 2009-09-23 15:37 34112 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\Mozilla\Firefox\Profiles\6nh0jn98.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-10-28 16:46 . 2009-09-23 15:37 32448 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\Mozilla\Firefox\Profiles\6nh0jn98.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-10-28 16:46 . 2009-09-23 15:37 22352 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\Mozilla\Firefox\Profiles\6nh0jn98.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2009-10-27 13:55 . 2009-10-27 13:55 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Macrium
2009-10-27 13:54 . 2009-10-27 13:54 43646 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_EF7BC6DDBE20B4C1311492.exe
2009-10-27 13:54 . 2009-10-27 13:54 43646 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_D707CE1C009F1381803C2C.exe
2009-10-27 13:54 . 2009-10-27 13:54 43646 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_81A4006ABC1B62DCE5F5CA.exe
2009-10-27 13:54 . 2009-10-27 13:54 43646 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_21F3885A18D238E15AAE81.exe
2009-10-27 13:54 . 2009-10-27 13:54 29926 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_455EF241629E11584EA727.exe
2009-10-27 13:54 . 2009-10-27 13:54 109534 ----a-r- c:\documents and settings\vpnbaldo\Dati applicazioni\Microsoft\Installer\{986389BF-2AE7-4C4D-B284-519BA869EDD1}\_6FEFF9B68218417F98F549.exe
2009-10-27 13:53 . 2009-10-27 13:53 -------- d-----w- c:\programmi\Macrium
2009-10-26 16:05 . 2009-10-26 16:08 -------- d-----w- C:\Netgear
2009-10-23 16:48 . 2009-10-23 16:48 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\AVG9
2009-10-23 16:44 . 2009-10-23 16:42 2421016 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avguiadv.dll
2009-10-23 16:43 . 2009-10-23 16:42 4015384 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgui.exe
2009-10-23 16:43 . 2009-10-23 16:42 2010904 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgtray.exe
2009-10-23 16:43 . 2009-10-23 16:42 1257752 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgfrw.exe
2009-10-23 16:43 . 2009-10-23 16:42 3774232 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\setup.exe
2009-10-23 16:43 . 2009-10-23 16:34 97560 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgdumpx.exe
2009-10-23 16:43 . 2009-10-23 16:40 3963672 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgcorex.dll
2009-10-23 16:43 . 2009-10-23 16:40 496920 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgchjwx.dll
2009-10-23 16:39 . 2009-10-23 16:34 842520 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.exe
2009-10-23 16:39 . 2009-10-23 16:38 1657112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\avg9\update\backup\avgupd.dll
2009-10-23 16:35 . 2009-11-03 15:35 -------- d-----w- C:\$AVG
2009-10-23 16:35 . 2009-10-23 16:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-23 16:35 . 2009-10-23 16:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-23 16:35 . 2009-10-23 16:35 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-23 16:34 . 2009-11-21 17:08 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-23 16:34 . 2009-10-23 16:34 -------- d-----w- c:\programmi\AVG
2009-10-23 16:34 . 2009-10-23 16:34 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg9
2009-10-23 15:40 . 2009-10-23 15:40 70608 ----a-w- c:\documents and settings\Administrator\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-23 15:38 . 2009-10-23 15:38 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-23 14:53 . 2009-10-23 14:53 -------- d-----w- c:\programmi\Analog Devices
2009-10-23 14:52 . 2009-10-23 14:52 -------- d-----w- C:\SWSetup
2009-10-23 14:47 . 2009-10-23 14:47 -------- d-----w- c:\programmi\Broadcom
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 20:59 . 2008-08-30 12:27 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\Ashampoo
2009-11-18 18:58 . 2009-10-04 15:44 18656 ----a-w- c:\windows\NGSSLDrv.sys
2009-11-18 18:58 . 2009-09-30 17:31 31968 ----a-w- c:\windows\NGUninstallVPNTunnel.exe
2009-11-17 19:11 . 2004-06-01 11:49 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-11-16 15:47 . 2009-03-22 17:49 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\gtk-2.0
2009-11-13 18:00 . 2009-08-21 20:13 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\Auslogics
2009-11-01 10:44 . 2008-12-22 10:13 -------- d-----w- c:\programmi\File comuni\Adobe AIR
2009-11-01 10:43 . 2009-09-07 16:16 38208 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-30 15:46 . 2009-09-10 16:02 -------- d-----w- c:\programmi\Tracker Software
2009-10-27 18:50 . 2007-09-26 12:07 -------- d---a-w- c:\documents and settings\All Users\Dati applicazioni\TEMP
2009-10-23 17:01 . 2009-04-10 17:41 -------- d-----w- c:\programmi\SpywareBlaster
2009-10-23 16:06 . 2004-06-03 14:42 -------- d-----w- c:\programmi\File comuni\Symantec Shared
2009-10-16 18:35 . 2003-05-29 06:50 85468 ----a-w- c:\windows\system32\perfc010.dat
2009-10-16 18:35 . 2003-05-29 06:50 492996 ----a-w- c:\windows\system32\perfh010.dat
2009-10-16 16:10 . 2009-10-16 16:10 -------- d-----w- c:\programmi\EASEUS
2009-10-13 13:31 . 2009-10-13 13:31 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\kompozer.net
2009-10-10 17:26 . 2009-03-05 20:17 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\FileZilla
2009-10-10 12:51 . 2004-12-20 18:03 70608 ----a-w- c:\documents and settings\vpnbaldo\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-10-07 17:18 . 2009-10-07 17:18 -------- d-----w- c:\programmi\TI Education
2009-10-06 13:24 . 2009-10-06 13:24 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\GlarySoft
2009-10-05 19:03 . 2009-10-05 19:01 -------- d-----w- c:\programmi\Free-Web-Buttons.com
2009-10-05 17:27 . 2009-10-05 17:28 185856 ----a-w- c:\windows\system32\framedyn.dll
2009-10-05 17:27 . 2009-10-05 17:28 5415 ----a-w- c:\windows\system32\Choice.com
2009-10-05 14:20 . 2009-09-30 14:17 18656 ----a-w- c:\windows\system32\drivers\NGSSLDrv.sys
2009-10-03 15:06 . 2008-12-06 13:03 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-09-27 16:02 . 2008-09-04 14:10 -------- d-----w- c:\documents and settings\vpnbaldo\Dati applicazioni\LimeWire
2009-09-27 15:49 . 2004-06-03 14:18 -------- d-----w- c:\programmi\File comuni\Roxio Shared
2009-09-27 15:45 . 2008-08-30 12:23 -------- d-----w- c:\programmi\Ashampoo
2009-09-25 15:11 . 2009-01-05 14:41 4045528 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-09-25 05:35 . 2004-08-23 19:35 669696 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:35 . 2009-04-02 12:34 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:17 . 2003-04-08 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 12:54 . 2008-12-06 13:03 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 12:53 . 2008-12-06 13:03 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2003-04-08 02:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 19:52 . 2003-04-08 02:00 219648 ----a-w- c:\windows\system32\uxtheme.dll
2009-08-29 11:59 . 2009-08-29 11:59 492996 ----a-w- c:\windows\system32\prfh0410.dat
2009-08-29 11:59 . 2009-08-29 11:59 85468 ----a-w- c:\windows\system32\prfc0410.dat
2009-08-28 07:01 . 2009-08-28 07:01 152576 ----a-w- c:\documents and settings\vpnbaldo\Dati applicazioni\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-26 14:10 . 2004-05-18 18:30 213544 ----a-w- c:\windows\system32\drivers\b57xp32.sys
2009-08-26 08:00 . 2003-04-08 02:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 11:16 . 2009-08-25 11:16 32224 ----a-w- c:\windows\system32\drivers\psmounter.sys
2008-08-31 14:17 . 2008-08-31 14:14 8785344 ----a-w- c:\programmi\ShareazaV4.exe
2008-08-31 14:10 . 2008-08-31 13:46 5265101 ----a-w- c:\programmi\Shareaza_2.3.1.0_Win32.exe
2008-08-31 12:18 . 2008-08-31 12:18 1495112 ----a-w- c:\programmi\install_flash_player.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\programmi\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\programmi\mozilla firefox\plugins\ssldivx.dll
2008-01-02 14:49 . 2008-01-02 14:40 72 --sh--w- c:\windows\SED1FC91E.tmp
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="c:\cpqs\Scom\srmclean.exe" [2001-07-24 36864]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143872]
"DSLAGENTEXE"="dslagent.exe" - c:\windows\system32\dslagent.exe [2001-10-02 16384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-23 16:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Mobile User VPN.lnk]
backup=c:\windows\pss\Mobile User VPN.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^NETGEAR WG111v3 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\NETGEAR WG111v3 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WG111v3 Smart Wizard.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programmi\\WatchGuard\\Mobile User VPN\\Vpn.exe"=
"c:\\Programmi\\NX Client for Windows\\nxclient.exe"=
"c:\\Programmi\\NX Client for Windows\\bin\\nxssh.exe"=
"c:\\Programmi\\AVG\\AVG9\\avgupd.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Programmi\\Java\\jre6\\bin\\java.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Shareaza\\Shareaza.exe"=
"c:\\Documents and Settings\\vpnbaldo\\Desktop\\Simone\\uTorrent\\App\\utorrent\\utorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\Ubisoft\\Splinter Cell Pandora Tomorrow\\Support\\Check_Appli\\pandora_detection.exe"=
"c:\\Programmi\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1755:TCP"= 1755:TCP:eMule TCP
"1756:UDP"= 1756:UDP:Emule UDP
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [5/20/2008 9:32 15328]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/23/2009 17:35 333192]
R2 avg9wd;AVG Free WatchDog;c:\programmi\AVG\AVG9\avgwdsvc.exe [10/23/2009 17:34 285392]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [6/3/2004 16:37 217088]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 13:13 38144]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [6/3/2004 16:37 114232]
R2 MBAMService;MBAMService;c:\programmi\Malwarebytes' Anti-Malware\mbamservice.exe [12/6/2008 14:03 269648]
R3 Amps2prt;Trust Ami PS/2 Port Mouse Driver (11);c:\windows\system32\drivers\Amps2prt.sys [1/7/2003 18:16 9600]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vapnt.sys [6/3/2004 16:36 36188]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/6/2008 14:03 19160]
R3 NGSSLDrv;VPN Tunnel NGSSLDrv Adapter;c:\windows\system32\drivers\NGSSLDrv.sys [9/30/2009 15:17 18656]
R3 SbieDrv;SbieDrv;c:\programmi\Sandboxie\SbieDrv.sys [5/28/2009 14:32 108032]
S2 gafwload;ZyXEL USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [6/14/2004 9:30 26987]
S2 U3sHlpDr;U3sHlpDr;\??\c:\windows\System32\Drivers\U3sHlpDr.sys --> c:\windows\System32\Drivers\U3sHlpDr.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [10/16/2009 17:10 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [10/16/2009 17:10 3072]
S3 FreeOTFE;FreeOTFE;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFE.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFE.sys [?]
S3 FreeOTFECypherAES_ltc;FreeOTFECypherAES_ltc;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherAES_ltc.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherAES_ltc.sys [?]
S3 FreeOTFECypherBlowfish;FreeOTFECypherBlowfish;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherBlowfish.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherBlowfish.sys [?]
S3 FreeOTFECypherCAST5;FreeOTFECypherCAST5;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherCAST5.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherCAST5.sys [?]
S3 FreeOTFECypherCAST6_Gladman;FreeOTFECypherCAST6_Gladman;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherCAST6_Gladman.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherCAST6_Gladman.sys [?]
S3 FreeOTFECypherDES;FreeOTFECypherDES;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherDES.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherDES.sys [?]
S3 FreeOTFECypherMARS_Gladman;FreeOTFECypherMARS_Gladman;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherMARS_Gladman.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherMARS_Gladman.sys [?]
S3 FreeOTFECypherRC6_ltc;FreeOTFECypherRC6_ltc;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherRC6_ltc.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherRC6_ltc.sys [?]
S3 FreeOTFECypherSerpent_Gladman;FreeOTFECypherSerpent_Gladman;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherSerpent_Gladman.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherSerpent_Gladman.sys [?]
S3 FreeOTFECypherTwofish_ltc;FreeOTFECypherTwofish_ltc;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherTwofish_ltc.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFECypherTwofish_ltc.sys [?]
S3 FreeOTFEHashMD;FreeOTFEHashMD;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashMD.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashMD.sys [?]
S3 FreeOTFEHashRIPEMD;FreeOTFEHashRIPEMD;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashRIPEMD.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashRIPEMD.sys [?]
S3 FreeOTFEHashSHA;FreeOTFEHashSHA;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashSHA.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashSHA.sys [?]
S3 FreeOTFEHashTiger;FreeOTFEHashTiger;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashTiger.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashTiger.sys [?]
S3 FreeOTFEHashWhirlpool;FreeOTFEHashWhirlpool;\??\g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashWhirlpool.sys --> g:\winpenpack\Bin\FreeOTFE\x86\FreeOTFEHashWhirlpool.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 15:02 287232]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
.
Contenuto della cartella 'Scheduled Tasks'
2009-11-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/ig?hl=it
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://go.compaq.com/1Q00CDT/0410/bl7.asp
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0410/bl8.asp
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
IE: Scarica con Download &Express - c:\programmi\Download Express\Add_Url.htm
Name-Space Handler: ftp\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: http\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
Name-Space Handler: https\HIEClickCatcher - {E131C96E-4DDB-11D4-84B8-008048B33DEA} - c:\progra~1\DOWNLO~1\mdpph.dll
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://62.123.107.140/MLWebCacheCleaner.cab
FF - ProfilePath - c:\documents and settings\vpnbaldo\Dati applicazioni\Mozilla\Firefox\Profiles\6nh0jn98.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.it/
FF - prefs.js: keyword.URL - hxxp://it.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\vpnbaldo\Dati applicazioni\Mozilla\Firefox\Profiles\6nh0jn98.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\vpnbaldo\Impostazioni locali\Dati applicazioni\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\programmi\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\programmi\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\programmi\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - CHIAVI ORFANE RIMOSSE - - - -
WebBrowser-{A057A204-BACC-4D26-C39E-35F1D2A32EC8} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-21 18:32
Windows 5.1.2600 Service Pack 3 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------
- - - - - - - > 'explorer.exe'(3584)
c:\windows\system32\WPDShServiceObj.dll
c:\programmi\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\WatchGuard\Mobile User VPN\IreIKE.exe
c:\programmi\AVG\AVG9\avgchsvx.exe
c:\programmi\AVG\AVG9\avgrsx.exe
c:\programmi\WatchGuard\Mobile User VPN\IPSecMon.exe
c:\programmi\AVG\AVG9\avgcsrvx.exe
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\Macrium\Reflect\ReflectService.exe
c:\programmi\Sandboxie\SbieSvc.exe
c:\windows\System32\MsPMSPSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Ora fine scansione: 2009-11-21 18:49 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-11-21 17:49
Pre-Run: 12.243.214.336 byte disponibili
Post-Run: 12.225.306.624 byte disponibili
- - End Of File - - 6BBF0DBA70C6CEDD82576B5FE1EFB069